b3521354b7e55289a66b054aec2a3ffe7f355ec7eace366424aadfcf0e426766

Analysis

max time kernel
148s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
19/06/2024, 21:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

009ec5fcb2a918da326186b11387f464_JaffaCakes118.exe
Size

503KB
MD5

009ec5fcb2a918da326186b11387f464
SHA1

2c299b13a0200d573f3aa8401047424f96f61b8a
SHA256

b3521354b7e55289a66b054aec2a3ffe7f355ec7eace366424aadfcf0e426766
SHA512

2135944c5155677673fdf6bda917190f7c870506403005c5428f4bbfb673da98e261c98fd851a142ec39ef73496081dbe144cc228b85a246cbc6f076d3da6f17
SSDEEP

6144:R+/JFnV6YmLzUv3BF2idZecnl20lHRxp3gAPhKtdJEar56C41km2ixJS2:R+RFn0xUzF3Z4mxxfPMtM4Q1t2iL

Score

5^/10

Malware Config

Signatures

Drops file in System32 directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\brc_Server.exe	009ec5fcb2a918da326186b11387f464_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\brc_Server.exe	009ec5fcb2a918da326186b11387f464_JaffaCakes118.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4420	009ec5fcb2a918da326186b11387f464_JaffaCakes118.exe
4420	009ec5fcb2a918da326186b11387f464_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4420 wrote to memory of 3164	4420	009ec5fcb2a918da326186b11387f464_JaffaCakes118.exe	83
PID 4420 wrote to memory of 3164	4420	009ec5fcb2a918da326186b11387f464_JaffaCakes118.exe	83
PID 4420 wrote to memory of 3164	4420	009ec5fcb2a918da326186b11387f464_JaffaCakes118.exe	83

C:\Users\Admin\AppData\Local\Temp\009ec5fcb2a918da326186b11387f464_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\009ec5fcb2a918da326186b11387f464_JaffaCakes118.exe"
1⤵
- Drops file in System32 directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:4420
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a65355$$.bat
  2⤵
  PID:3164

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\$$a65355$$.bat

Filesize
152B

MD5
63fec8ab087b40cad65d1cce1fd593da

SHA1
57b9965c6676c5d1b52124fd42574b5ec25e0d3c

SHA256
4bb3226045f1e78a965af2f705ce46f9c166c8cda65a45e1d0d47125c1d42ac3

SHA512
a563b054f50c380bd5d440b58a3ec11e08936059eb58a2bb42529a261391ce3e0cfae8323831fba4c53c614ce522f1548e89a25187a8144dd3aae6b020ce2c2e

Download Submit
memory/4420-10-0x0000000002240000-0x0000000002241000-memory.dmp

Filesize
4KB

Download
memory/4420-15-0x0000000003360000-0x0000000003361000-memory.dmp

Filesize
4KB

Download
memory/4420-3-0x0000000002250000-0x0000000002251000-memory.dmp

Filesize
4KB

Download
memory/4420-18-0x0000000003310000-0x0000000003318000-memory.dmp

Filesize
32KB

Download
memory/4420-17-0x0000000003340000-0x0000000003341000-memory.dmp

Filesize
4KB

Download
memory/4420-16-0x0000000003350000-0x0000000003351000-memory.dmp

Filesize
4KB

Download
memory/4420-0-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/4420-14-0x0000000000650000-0x0000000000651000-memory.dmp

Filesize
4KB

Download
memory/4420-13-0x0000000000640000-0x0000000000641000-memory.dmp

Filesize
4KB

Download
memory/4420-12-0x0000000003320000-0x0000000003323000-memory.dmp

Filesize
12KB

Download
memory/4420-2-0x0000000002270000-0x0000000002271000-memory.dmp

Filesize
4KB

Download
memory/4420-11-0x0000000003330000-0x0000000003331000-memory.dmp

Filesize
4KB

Download
memory/4420-5-0x0000000002230000-0x0000000002231000-memory.dmp

Filesize
4KB

Download
memory/4420-8-0x0000000002390000-0x0000000002391000-memory.dmp

Filesize
4KB

Download
memory/4420-7-0x00000000023A0000-0x00000000023A1000-memory.dmp

Filesize
4KB

Download
memory/4420-6-0x0000000002220000-0x0000000002221000-memory.dmp

Filesize
4KB

Download
memory/4420-9-0x00000000023C0000-0x00000000023C1000-memory.dmp

Filesize
4KB

Download
memory/4420-4-0x00000000023B0000-0x00000000023B1000-memory.dmp

Filesize
4KB

Download
memory/4420-20-0x0000000003370000-0x0000000003371000-memory.dmp

Filesize
4KB

Download
memory/4420-19-0x0000000003380000-0x0000000003381000-memory.dmp

Filesize
4KB

Download
memory/4420-24-0x00000000033B0000-0x00000000033B1000-memory.dmp

Filesize
4KB

Download
memory/4420-25-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/4420-26-0x0000000002190000-0x00000000021E4000-memory.dmp

Filesize
336KB

Download
memory/4420-1-0x0000000002190000-0x00000000021E4000-memory.dmp

Filesize
336KB

Download